Windows Identity Foundation (WIF) is a Microsoft framework for building identity-aware applications. It is a core component in configuring RD Web for Single Sign On and will need to be in place before proceeding.

In Server 2012 this is installed as a Windows Feature. Open Server Manager and under Features make sure the box for Windows Identity Foundation 3.5 is checked.

Modify the C2WTShost.exe.config File

Run notepad elevated (Run as Administrator) and open C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config

Add the following BOLDED line to the existing configuration to allow the RD Web application pool access as an allowed caller:<allowedCallers> <clear /> <add value="IIS APPPOOL\RDWebAccess" /> </allowedCallers>

Save the file

Enable the C2WTS Service.

Open services.msc

In the list of services look for Claims to Windows Token Service

Right-click on this service and select Properties

Ensure the Startup type is set to Automatic

Ensure the service is started by clicking Start if it is not greyed out.

Note: If the service fails to start then the c2wtshost.exe.config is not properly configured. Please review Step 2 or contact Scorpion Software Support.

Setting up RDWeb in your On-Demand Tenant

Select Directory Manager.

Select Groups.

Select the green plus sign in the bottom right corner.

Name the Group RDWebUsers.Note: If you have other existing Groups for SSO users you can use one of these as well.